From 35c8b1ac7c3b1e4209b1e30d1dbd1a457286b97b Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Mon, 21 Oct 2013 19:37:22 +0800 Subject: debugedit: fix segment fault while file's bss offset have a large number While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file into memory. While the file's bss Offset has a large number, elf_update caculated file size by __elf64_updatenull_wrlock and the size was enlarged. In this situation, elf_update invoked ftruncate to enlarge the file, and memory size (elf->maximum_size) also was incorrectly updated. There was segment fault in elf_end which invoked munmap with the length is the enlarged file size, not the mmap's length. Before the above operations, invoke elf_begin/elf_update/elf_end with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it could make sure the file is safe for the following elf operations. [YOCTO #5356] https://bugzilla.redhat.com/show_bug.cgi?id=1019707 https://bugzilla.redhat.com/show_bug.cgi?id=1020842 Signed-off-by: Hongxu Jia Signed-off-by: Saul Wold --- ...debugedit-valid-file-to-fix-segment-fault.patch | 67 ++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch (limited to 'meta/recipes-devtools/rpm/rpm') diff --git a/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch new file mode 100644 index 0000000000..2696cd3168 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch @@ -0,0 +1,67 @@ +debugedit: fix segment fault while file's bss offset have a large number + +While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file +into memory. While the file's bss Offset has a large number, elf_update +caculated file size by __elf64_updatenull_wrlock and the size was +enlarged. + +In this situation, elf_update invoked ftruncate to enlarge the file, +and memory size (elf->maximum_size) also was incorrectly updated. +There was segment fault in elf_end which invoked munmap with the +length is the enlarged file size, not the mmap's length. + +Before the above operations, invoke elf_begin/elf_update/elf_end +with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it +could make sure the file is safe for the following elf operations. + +Upstream-Status: Pending +Signed-off-by: Hongxu Jia +--- + tools/debugedit.c | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/tools/debugedit.c b/tools/debugedit.c +--- a/tools/debugedit.c ++++ b/tools/debugedit.c +@@ -1512,6 +1512,28 @@ handle_build_id (DSO *dso, Elf_Data *build_id, + } + } + ++/* It avoided the segment fault while file's bss offset have a large number. ++ See https://bugzilla.redhat.com/show_bug.cgi?id=1019707 ++ https://bugzilla.redhat.com/show_bug.cgi?id=1020842 for detail. */ ++void valid_file(int fd) ++{ ++ Elf *elf = elf_begin (fd, ELF_C_RDWR, NULL); ++ if (elf == NULL) ++ { ++ error (1, 0, "elf_begin: %s", elf_errmsg (-1)); ++ return; ++ } ++ ++ elf_flagelf (elf, ELF_C_SET, ELF_F_LAYOUT); ++ ++ if (elf_update (elf, ELF_C_WRITE) < 0) ++ error (1, 0, "elf_update: %s", elf_errmsg (-1)); ++ ++ elf_end (elf); ++ ++ return; ++} ++ + int + main (int argc, char *argv[]) + { +@@ -1608,6 +1630,9 @@ main (int argc, char *argv[]) + exit (1); + } + ++ /* Make sure the file is valid. */ ++ valid_file(fd); ++ + dso = fdopen_dso (fd, file); + if (dso == NULL) + exit (1); +-- +1.8.1.2 + -- cgit 1.2.3-korg